CVE-2024-51247

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3

Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router's firmware. This allows a remote attacker to execute arbitrary commands by injecting malicious commands into mainfunction.cgi and calling the doPPPo function.

Recommendations: For DrayTek Vigor 3900 version 1.5.1.3, patch the system immediately to prevent exploitation. Additionally, consider monitoring for exploit attempts and validate the system before exposing it to the internet. As a temporary workaround, consider restricting access to the mainfunction.cgi script to minimize the risk of exploitation.